Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finding Student IT Security Placements in the Industry?

Posted by Cliff on from the finding-the-experience dept.

CABAN writes "I am a third year computer security and investigations student. My program requires a three month placement in the IT security and forensics industry. Finding an appropriate learning environment seems to be harder than I expected. Lack of security clearance, no real world experience and many companies, who just don't see a need for ITS, are the critical shortfalls right now. What tips does Slashdot have for finding organizations who are willing to let students get involved with sensitive security procedures and cases?"

9 of 273 comments (clear)

  1. hey by MORTAR_COMBAT! · · Score: 4, Informative

    if you want to come manage security patches for a few thousand windows, aix, solaris, and linux machines for me, let me know.

    --
    MORTAR COMBAT!
  2. Financial and Insurance Services by j0keralpha · · Score: 5, Informative

    These companies are both expanding their security apparatus and also are both industries known to be in love with the college intern concept. I interviewed for several security positions at insurance firms (specifically car insurance) who were hiring something like 5 or 6 security architects in one shot. Try to apply to intern programs there or at big Financial.

  3. small companies, security vendors by lottameez · · Score: 4, Informative

    I would be looking at smaller companies and offering what you have to them. Most cannot afford security consultants and would probably welcome your expertise perhaps on a intern or consultant basis. The other obvious option is to talk to those companies that build security software for a living.

    My .02

    --
    Yeah? Well I think you're overrated too.
  4. NSA Internship by shadfc · · Score: 5, Informative
    NSA Summer Network Evaluation Internship Program.

    Its a 12-week program following the student's third year.

    As a participant in the Summer Network Evaluation Intern Program (SNEIP) you will acquire an appreciation of the challenges our Nation faces in network security as it relates to real-world work experiences. You will experience first-hand some of the critical work done at NSA as well as have the opportunity to apply your skills on hardware and software systems to enhance network security and contribute to the security of U.S. information systems.

    Sadly, this wont benefit you since the application deadline has passed.

  5. Some tips by benjiboo · · Score: 4, Informative

    I guess you need some value proposition. Remember that most companies are in the business of making money, and it needs to be the case that you can give more than it takes to employ you in terms of usage of staff time, resources, training, office space. Here are a few ways you can do this:

    - Offer to help with more general systems development/support as well as the security element. You might have to spend a signficant percentage of your time acting as a cheap coding monkey in order to get exposure to the stuff of relevance to you.

    - Offer to train other staff free or charge, or provide audit or documentation for systems.

    - Highlight the risks of security problems in terms of real monetary costs to an organisation who don't invest in security.

    - Sell yourself as an independant and pro-active potential employee who won't be a drain on resources.

    - Be flexible in the work and projects that you can offer. Remember that you will only be hired for the work experience if you can fill a valid required business objective.

    - Cast your net wide, and speak to people on the ground in an organisation. Contacting a small group of companies via HR departments is a guaranteed way for your e-mails to end up in a black hole.

    - Get on the phone or right physical letters. They're emotionally harder to discard or ignore than an e-mail.

    - Remember to contact non-obvious choices such as schools, charities, NGO's, open source projects?

    - Above all, be enthusiasitc and state your willingness to learn!

    --
    Vacancy for signature. Apply within.
  6. Re:Don't you have an advisor? by Ry-Dawg · · Score: 4, Informative

    My university also has a full-blown co-op program. It operates by contacting businesses across Canada and asking if they would like to have some of their students apply for jobs. Then us students go through a process much like applying for a job in the "real" world. I think this is much better than having some scruffy third year student (like me) call them up and ask if they want to hire him (or her) for a security position.

    Also, there is a precedent for security companies hiring Co-op students. If I am not mistaken, The Canadian Security Company (I can't remember their proper name, CSE or something like that) hires some students from my university every study term. The students have to go through a security clearance process that has several requirements such as: you must be a canadian citizen and, criminal record checks and such.

    if you want to see our website, go to www.cs.unb.ca

    So yeah, the point of all that is to tell you to definitely get in touch with your advisor. I'm sure you have a course advisor (if you don't, get one!). He or she should be able to point you in the right direction.

    --
    rydawg --
  7. Security Clearance by dexterpexter · · Score: 4, Informative

    The only way to get that security clearance is to start the process, and start it early. I notice that you are from Canada, so I can't give any advice specific to your situation, but I am sure that the Canadian government has cybersecurity internship slots.

    Apply to one of those and the government will usually pay for the security clearance. A lot of times, government positions rotate their interns into many security positions and place them with a mentor, so you get the benefit of varied experience. Even better, these are most often available during the summer (three month vacation to a security position works) and since most places start processing in December/January, you're right on that edge for applying.

    I suggest you check out your own various government agencies and send your resume out. Processing time for young people usually borders about four or five months (although it can take over a year), which would put you, if all goes well, at the perfect timing to get one of these positions. And, better, agencies often hire their interns for full time positions when the students graduate, and you will already have your clearance.

    I, however, like many /. commenters, find it odd that your program has a service component involved and no contact network or career advising attached to it. Frankly, if you're early in your studies, I would consider going elsewhere. Most programs that have service components have professors or advisors with vast social networks that can place you in a good position. I would certainly check with your professors and make sure that there isn't an unofficial social network there that they can get you hooked into.

    But if you are planning on going into the security profession, that security clearance is something you will want/need anyways, so if you can get it now, all the better!

    --

    *-*-*-*-*-*-*-*
    "We are Linux. Resistance is measured in Ohms."
  8. Work for a casino or slot machine manufacturer by XopherMV · · Score: 5, Informative

    I was a gaming agent for the Tulalip Casino up in Marysville, WA. I was responsible for inspecting the slot machines, which in Washington state are basically networked computers. (They have no internet connection if you were wondering.)

    These places are always looking for good, qualified people and seem to have trouble getting them. I was one of two people in the whole agency with a CS degree, making me uniquely qualified. Generally, they have to take people with a criminal justice degree and teach them the ins and outs of the computer system. They would love someone already trained in computer security.

    Besides looking at your local casinos, you can also check out the slot machine manufacturers. Sierra Design Group, located in Reno, is a group I highly recommend. They have an awesome, stable product, that the industry loves and runs on Unix. They're a subsidiary of Bally Games, so you can find their job page here.

    Another computer, located in Austin, is Multimedia Games. They pretty much have the lock on the class 2 games. Here is their jobs page.

  9. This won't win me any fans... by flinxmeister · · Score: 4, Informative

    ...but I really think anyone involved in IT security should have at least 3-5 years in the trenches first. If you *really* want to know your stuff this is simply a requirement. Finance or Medical is a good proving ground, but infrastructure (power companies, etc) is starting to be a good one too.

    My advice would be to get a sysadmin or operational job first, and spend every second of free time addressing the security aspects in that environment. Then when you move into a security specific job you have some meat to talk about: "well at company X we implemented Plan Y to address this issue", and "I found that we consistently had problem Y". I personally would be very skeptical of a security pro right out of school.